In mid-April, our threat monitoring systems detected malicious files being distributed under the name “on the new initiative of the World Bank in connection with the coronavirus pandemic” (in Russian) with the extension EXE or RAR. Inside the files was the well-known Rovnix bootkit. Read Full Article
Some time ago while tracking Winnti group activity we came across a standalone utility with the name HDD Rootkit for planting a bootkit on a computer. During our investigation we found several backdoors that the HDRoot bootkit used for infecting operating systems. Read Full Article
Famous Chinese-speaking cybercriminal APT actor Winnti has been observed targeting pharmaceutical businesses. New threat, which Kaspersky Lab has called “HDRoot” after the original tool’s name “HDD Rootkit”, is a universal platform for a sustainable and persistent appearance in a targeted system, which can be used to launch any other tool. Read Full Article
The sky is the limit for cybercriminal’s creativity. The latest wave are malicious boot loaders, the kit has been pioneered by Brazilian Trojan bankers who aim to remove security software. Read Full Article
We recently discovered a new bootkit, i.e. a malicious program which infects the hard drive’s boot sector. Kaspersky Lab detects it as Rookit.Win32.Fisp.a. Read Full Article
The TDSS rootkit first appeared in 2008. Since then, it has become far more widespread than the notorious rootkit Rustock. The rootkit’s malicious payload and the difficulties it presents for analysis are effectively similar to those of the bootkit. Read Full Article